Platform and configuration command:

$ uname -a
Linux run 4.15.0-54-generic #58-Ubuntu SMP Mon Jun 24 10:55:24 UTC 2019 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-devcryptoeng

Commit log since last time:

4114964865 Build files: add module installation targets
ae6b654b66 TEST: make and use a fipsinstall script
c0bfc473d8 Use the libctx for all EVP_PKEY_CTX operations
4f6c704495 Re-enable FIPS testing in sslapitest.c
5e30f2fd58 Use a non-default libctx in sslapitest
09ec5e6f5d dhparam: white space cleaning
61b2afb50a apps: undeprecate the conditioned out apps
19d9be09d1 openssl: include the version a command was deprecated in the output 
text.
f84fe4f448 apps: reinstate deprecated commands but using PKEY APIs
7539cb70eb dsaparam: update command line app to use EVP calls
b304f8567c CHANGES: note which command line utilities are marked for 
deprecation but still available.
769cfc3bd0 Undeprecate DH_get_length() and DH_set_length() functions
dddbbc6f39 gendsa: update command line app to use EVP calls
8f7e1f68cc genrsa: update command line app to use EVP calls
99a7c3a7bf openssl: include the version a command was deprecated in the output 
text.
188dd86ab4 apps: reinstate deprecated commands but using PKEY APIs
ccefc3411e dhparam: update command line app to use EVP calls
b0cfe526d7 tests: reinstate tests for deprecated but non-removed functionality
cd3572a110 dsaparam: update command line app to use EVP calls
54affb77c5 rsa: update command line app to use EVP calls
b940349de1 dsa: update command line app to use EVP calls
e0331eb8b8 Prevent crash in X509_NAME_cmp() etc. when cert has no issuer or no 
serialNumber
753283cd23 Add CMP error reason 'missing reference cert'
e599d0aecd Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in 
crypto/cmp/
a81151bd56 Add a couple of hints to fuzz/README.md
642f60d840 Rename CMP_PROTECTEDPART to OSSL_CMP_PROTECTEDPART for consistency
7a41760667 GOST2012 TLS ClientCertificateType Identifiers support
ccb47dbf47 DOC: Extend the description of EVP_PKEY_CTX_new_from_name()
476de2e5e5 DOC: Add more description of EVP_PKEY_fromdata(), and examples
031c9bd3f3 apps/speed: fix invalid final report when run SM2 benchmarks in 
parallel
ad16671d49 GOST cipher names adjustment
301ea192c7 INSTALL: document 'no-ui-console' rather than 'no-ui'
629c72db5f When calling the import_to function pass the libctx too
7da7b27eec Windows: Add type casting in CRYPTO_atomic_add to remove warning
4350a6bd42 doc: note that the FIPS provider contains some non-approved 
algorithms.
19985ac42c news: note the addition of ECX and SHAKE256 to the FIPS provider as 
non-approved algorithms
b5bcc05302 pkey: free key manager on error path
d8171446a2 ecx: check for errors creating public keys from private ones.
c1e48c5171 s390: ECX key generation fixes.
43cd37014e ecx: add key generation support.
1ee1e55114 Add ECX to FIPS provider as non-FIPS algorithms
8a5cb59601 TEST: Add a test of keygen with an empty template in 
test/evp_extra_test.c
d0ddf9b409 EVP: Fix calls to evp_pkey_export_to_provider()
6f89229603 TLSEXT_SIGALG_gostr34102012 0x0840 and 0x0841 support
7525c93030 Document X509_verify_ex() and X509_REQ_verify_ex()
465f34ed27 Introduce an internal version of X509_check_issued()
0820217441 Create a libctx aware X509_verify_ex()
b27ed81943 Put sys-specific files in build.info
705536e2b5 Use build.info, not ifdef for crypto modules
7165593ce5 Add DH keygen to providers
b03ec3b5d6 Add DSA keygen to provider
09b3654096 Make sure we always send an alert in libssl if we hit a fatal error
e395ba223d When calling EC_POINT_point2buf we must use a libctx
137b274aee Document the new libctx aware private key functions
d6a2bdf7f1 Make sure we use the libctx in libssl when loading PrivateKeys
1531241c54 Teach PEM_read_bio_PrivateKey about libctx
8755b08524 Teach the OSSL_STORE code about libctx
f13fdeb321 Use the libctx in Ed448 private key decoding
472a88b79e Teach d2i_PrivateKey et al about libctx
ca59b00bbd Fix no-pic static builds
49276c3569 EVP: fix memleak in evp_pkey_downgrade()
813d317178 EVP: Add a temporary SM2 hack to key generation
10d756a70e EC: Refactor EVP_PKEY_CTX curve setting macros for param generation
1f185f51a7 PROV: Implement EC param / key generation
2b9add6965 KEYMGMT: Add functions to get param/key generation parameters
a5c864ce90 Fix Dynamic engine loading so that the call to 
ENGINE_load_builtin_engines() is performed.
9bf475fcf3 mkerr: remove legacy guards from generated error headers
ff1f7cdeb1 Add ex_data to EVP_PKEY.
0437435a96 BIO_do_accept: correct error return value
b93e2ec273 Fix some errors in documentation
e32e00ab20 Initialize files that declare internal symbols
8270c4791d Rework util/find-doc-nits to distinguish internal documentation
eacd30a703 Add manpage entry for X509_check_purpose()
abfc73f374 Fix EVP_DigestSign interface when used with DES CMAC
cc572c2564 EVP: legacy_ctrl_to_param() to handle provider side keys
aec8de1a5f CMS KARI: Temporarly downgrade newly generated EVP_PKEYs to legacy
1ae56f2f43 Don't compile commands if disabled
fa4d3fe46d Fix krb5 external test
09fafd0606 Add common internal crypto/ modules in liblegacy.a
5435044fd6 Enable Ed25519 signing/verifying to use the libctx
bbe3ed06d7 Add the auto generated der files to .gitignore
aa233ef7f7 Document the new library context aware CT functions
1a37ee9402 Ensure libssl uses the new library context aware CT code
d4b2bfbade Make the CT code library context aware
76e23fc50b Enable export_to functions to have access to the libctx
8519b244bc OpenSSL::OID: Don't use List::Util
ae3254287f Update RAND_METHOD definition in man page
fbc6efbbc1 Travis build matrix adjustments
7b4344ac3e Add a null provider which implements no algorithms.
f5056577ba Move legacy ciphers into the legacy provider
cc45a884bd Document the new X509_STORE_CTX_new_with_libctx() function
e66c37deb6 Explicitly cache the X509v3_extensions in one more place in libssl
0c56a64829 Use the libctx and propq from the X509_STORE_CTX
a959b4fa97 Use X509_STORE_CTX_new_with_libctx() in libssl
1143c27be1 Add X509_STORE_CTX_new_with_libctx()
afce590b74 TLS: Temporarly downgrade newly generated EVP_PKEYs to legacy
e3be0f4389 Fix export of provided EC keys
c2041da8c1 EVP & TLS: Add necessary EC_KEY data extraction functions, and use 
them
4f76d62f23 EVP: add EVP_PKEY_is_a() and EVP_PKEY_can_sign()
82e1fc1bc0 params: add a warning about the PTR types.
069165d106 AES CTR-DRGB: do not leak timing information
96218269f4 Integer overflow in ASN1_STRING_set.
86f32187c3 params: avoid a core dump with a null pointer and a get string call
c61ced5ec5 [crypto/ec] blind coordinates in ec_wNAF_mul for robustness
1eb9b54af7 Fix the error handling in EC_POINTs_mul
d803930448 Fix misleading error msg for PBM check w/o secret in 
OSSL_CMP_validate_msg()
99d680e6bc Fix error reporting glitch in X509_STORE_CTX_print_verify_cb() in 
t_x509.c
a1e4c8ef81 Fix bugs in 3GPP exception checking and improve diagnostics in 
crypt/cmp/cmp_vfy.c
2d956b320c PROV: Add DERlib support for ECDSA and EC keys
8c55580347 PROV: Add DERlib support for DSA
6f5837dc16 PROV: Add DERlib support for RSA
1d39620b34 PROV: Add the beginning of a DER writing library
77de6bb38d Add perl support to parse and DER encode ASN.1 OID specs
3cb55fe47c Add test cases for the non CA certificate with pathlen:0
fa86e2ee35 Set X509_V_ERR_INVALID_EXTENSION error for invalid basic constraints
428cf5ff83 Allow certificates with Basic Constraints CA:false, pathlen:0
a056ee28ed Add a WPACKET test for the new DER capability
d3ba3916d4 Add "endfirst" writing to WPACKET
e2bf331bc0 Fix a gcc warning about possible null pointer
70d80ef989 Expand the XTS documentation
94468c775c Remove an unnecessary call to BN_CTX_free.
0e8b6c97ba Fix bugs in EC code introduced with FIPS changes.
ec4d1b8f8c Add data driven SELF TEST code for signatures and key agreement
4b1fe471ac HTTP client: make server/proxy and port params more consistent; 
minor other improvements
afe554c2d2     Chunk 10 of CMP contribution to OpenSSL: CMP http client and 
related tests
98278b9631 TLS Cipher Suite 0xC102 Support
b5f7aa5ce7 Fix a printf format error in cmp_client.c
ccb8f0c87e Fixups in CHANGES.md
beb958ccd8 Extend the sslprovider_test to be able to additionally test FIPS
5093fec23b Make sure we always use the correct libctx in sslprovidertest.c
d882e4ce56 Make sure we use the libctx when creating an EVP_PKEY_CTX in libssl
fc69f32cd6 Use EVP_DigestSignInit_ex and EVP_DigestVerifyInit_ex in libssl
fe56d5951f Don't double free a DH object
a4a93bbfb0 [crypto/ec] Ladder tweaks
09736245b1 [test] Make sm2_internal_test less fragile to changes in the ec 
module
cd81ac7be3 apps: support sendfile in s_server when ktls enabled
96ebe52e89 Add EVP_PKEY_gettable_params support for accessing EVP_PKEY key data 
fields
f4c8807309 Windows makefile generator: Don't delete long lists of files in one 
go
a70535f849 Give a better error if we can't find a sig alg
fd03868b34 Fix off-by-1 bug on provider_activate with custom error strings
551543e5e2 Add test for providers exposing OSSL_FUNC_PROVIDER_GET_REASON_STRINGS
e15d369781 Document the new X509v3_cache_extensions() function
9f0f53b7db Explicitly cache X509v3 extensions in libssl
33328581b8 Add the X509v3_cache_extensions() function
c2146b57d2 Don't attempt to up-ref an EVP_CIPHER if it is NULL
743d9c16de Describe the "want" parameter in int create_bare_ssl_connection()
e737adb42a Display errors if a test TLS connection fails
20c98cd453 Param builder: Remove the static size limit.
6d4e6009d2 Param build: make structures opaque.
be19d3caf0 NEWS: note OSSL_PARAM_BLD API as public.
110bff618b Param builder: make the OSSL_PARAM_BLD APIs public.
9e885a707d s_server: Properly indicate ALPN protocol mismatch
9e2c03582d PROV: Fix EC_KEY exporters to allow domain parameter keys
4c106e20ef Document various SRP related APIs
20c00d0a0a Use the new library context aware SRP functions in sslapitest
1744b6d3aa Update libssl to use the new library context aware SRP functions
e85982c7a9 Make SRP library context aware
c9f51264d8 Use the new OCSP functions in sslapitest.c
be6aeda647 Add OCSP_RESPID_set_by_key_ex() and OCSP_RESPID_match_ex()
5fcb97c61e Ignore some fetch failures
6b1e5fa487 Put an error on the stack in the event of a fetch failure
9727f4e7fd Use a fetched cipher for the TLSv1.3 early secret
148bfd26a4 Use a fetched cipher when decrypting a ticket in libssl
8158cf2097 EVP: Limit the diverse key parameter functions to domain params only
0abae1636d EVP: Implement support for key downgrading in backends
ff7262b4f4 test/evp_pkey_provided_test.c: Add test of EVP_PKEY_copy_parameters()
acb90ba8ff EVP: Downgrade keys rather than upgrade
8243d8d1a1 EVP: Add EVP_PKEY_set_type_by_keymgmt() and use it
adc9f73126 EVP: Clarify the states of an EVP_PKEY
5036dc67d0 EC: Refactor ec_curve_name2nid() to accept NIST curve names
7e765f46a6 Chunk 9 of CMP contribution to OpenSSL: CMP client and related tests
b4ba2b7ce0 Fix bug in strncpy() use of sk_ASN1_UTF8STRING2text() in asn1_lib.c
cbb9b7c460 Fix whitespace nit in OSSL_SELF_TEST_new.pod which caused doc-nits 
warning
71f852802f Issuer Sign Tool extention support
129c22840e Fix EVP_PKEY_new_mac_key()
5f1adadce1 util/wrap.pl: Correct exit code when signalled
402b00d579 Use ctx2 instead ctx.
6f829f58ef Make sure we use a fetched cipher when encrypting stateless tickets
abd86cecce Use a fetched version of SHA256 in tls_process_new_session_ticket()
ca1bbc1a20 Use correct libctx when fetching the TLS1 PRF in libssl
3aceb9ec51 Use the libctx and properties when constructing an EVP_PKEY_CTX
cab33afb71 Update CA.pl podpage, and script
55ca81259a Handle mdname in legacy EVP_DigestSignInit_ex codepaths
a45694a356 Make it possible to easily specify a libctx for EVP_DigestSign*
0996cff91f DH, DSA, EC_KEY: Fix exporters to allow domain parameter keys
8cc86b81ac Constify various mostly X509-related parameter types in crypto/ and 
apps/
7e06a6758b Fix error handling in x509v3_cache_extensions and related functions
d3b2f8760a evp_test: the tests using MDC2 need the legacy provider
4b9e90f42a EVP: fetch the EVP_KEYMGMT earlier
9a1c170d63 s_server: warn about NO PSK identity hint in TLSv1.3
22e27978b2 Add support for passing the libctx to the config loader
0f2deef59d Use RAND_bytes_ex in crypto/rsa
cb57f42528 Make sure we use the libctx when fetching a MAC
a2b6231601 Handle the case where there is no digest in an EVP_MD_CTX
8658feddea Update CHANGES and NEWS for 1.1.1e release
ad090d57e2 make err() message strings of find-doc-nits consistently start with 
uppercase letters
bc6ca4cbea add line and file info to 'Malformed line' error msg on *.num files 
in make-doc-nits
ae8483d24d Rename OSSL_{d2i,i2d}_CMP_MSG_bio to {d2i,id2}_OSSL_CMP_MSG_bio
90a7c90500 fix false positive of check-format.pl regarding '#if' on preceding 
line; extend negative tests
aed723f1e4 make util/check-format.pl script executable
38e497818e fix false positive of check-format.pl reporting '{1 stmt}' after 
multi-line 'if(expr)'
cde63b7315 Extend Travis build time-out
244bc29746 Implement serializers for ED25519 and ED448

Reply via email to